By Topic

A case study of unknown attack detection against Zero-day worm in the honeynet environment

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

7 Author(s)
Ikkyun Kim ; Inf. Security Res. Div., Electron. & Telecommun. Res. Inst., Daejeon ; Daewon Kim ; Byunggoo Kim ; Yangseo Choi
more authors

We have presented an early detection system, ZASMIN (Zero-day Attack Signature Management Infrastructure), for novel network attack protection. This system provides early detection function and validation of attack at the moment the attacks start to spread on the network. In order to detect unknown network attack, the ZASMIN system has adopted various of new technologies, which are composed of suspicious traffic monitoring, attack validation, polymorphic worm recognition, signature generation. Some of these functionalities are implemented with hardware-based accelerator to be able to deal with giga-bit speed traffic, therefore, it can be applicable to Internet backbone or the bottle-neck point of high-speed enterprise network without any loss of traffic. In order to check the feasibility of ZASMIN, we have installed it on real honeynet environment, then we have analyzed the result about detection of unknown attack.

Published in:

Advanced Communication Technology, 2009. ICACT 2009. 11th International Conference on  (Volume:03 )

Date of Conference:

15-18 Feb. 2009